Cloud computing has a lot to offer organizations of all sizes, from not having to build and scale your own infrastructure to more flexibility and faster implementation. But that doesn’t mean you can just punch in a credit card, kick your feet up, and expect everything to take care of itself after that.

On the contrary, capitalizing on the cloud requires strategic leadership on the part of IT—from the C suite to every level of the organization. That’s particularly true for businesses that are finally moving away from more traditional approaches to IT. Unlike cloud-first companies—where it can be all cloud, all the time—traditional organizations sometimes have a tough time developing and implementing their cloud computing strategies. One of the biggest challenges: skeptics who openly resist change or simply stick their head in the corporate sand.

The big question

That raises a critical question for IT folks in those kinds of organizations: Do you want to be one of the roadblocks to technology innovation, or do you want to be one of the leaders that shepherds its success? (Here’s a hint: Choose to be one of the leaders. It’s going to work out much better for your career.)

“To me, a modern IT department has a very clear perspective about where they can provide significant value to the business that’s differentiated, on one end of the spectrum, all the way through to where, frankly, they just need to act as a procurement and vendor management organization on the other end of the spectrum,” says Cloud Foundry CTO Chip Childers. “Along that spectrum, there certainly multiple steps and configurations that you could have.”

Given that variety, how can people in IT ops, dev, and other tech roles become cloud leaders inside companies embarking on the complex, sometimes contentious process of migrating significant workloads to the cloud? These four steps are a great way to start:

Step 1: Own the build vs. buy decision

First the good news: You don’t need to throw out your old playbook for using technology to address business needs. You just need to update it to address the powerful new cloud-based options for building, deploying, running, and maintaining software and infrastructure. The first question, still, is procurement vs. development.

“Is what I’m looking to solve something that’s already a solved problem?” Childers asks. If the answer is “yes,” then you’re already leaning toward the procurement path. If it’s “no,” then you may be kicking off a new development project.

In most cases, though, the answer may not be completely clear-cut. You could choose to build and manage applications in a cloud environment, for example. Or you could outsource the need entirely with a full Software-as-a-Service (SaaS) option. Childers points to email as a prime example of a solved problem, one readily available as a cloud service that eliminates the need for a lot of the under-the-hood grunt work that comes with managing users, mailboxes, servers, and so forth.

Costs are, of course, a sizable limb on the decision tree. This means more than just total cost of ownership (TCO) / return on investment (ROI) analyses, but also opportunity cost, according to Childers. For example, what can be saved or gained if your team no longer has to manage the headaches of the corporate email system? Freeing developers and other roles to work on more innovative applications and business problems has real value that should be factored into the equation.

Step 2: Develop a cloud vendor evaluation framework

One characteristic of the cloud landscape is hard to overlook: There are a heck of a lot more choices than there used to be. IT pros can fill a critical need by becoming a go-to resource for organizational strategy and decision-making when it comes to SaaS and other cloud technologies.

If you’re working in a large enterprise, Childers recommends IT ops and developers build relationships with the procurement department: “When we think about a portion of IT shifting to more of a procurement-style role, they can learn a lot from the people that have been doing this for years,” he says.

That expertise might not be as readily available in a midsize or small company, so the do-it-yourself approach comes into play. The Internet is your friend, of course: online research is a must. If your company works with a technology analyst firm, don’t forget that resource. Either way, it’s important to develop your own set of questions and criteria to guide your evaluation process, based on your specific business and industry,.

“How did you decide in the past what software systems you were going to use and deploy within your own datacenter?” Childers asks. “This is a very similar process to that; you just have a different level of abstraction and a different relationship with the company you’re going to purchase from.”

Examples of things to look at include:

Availability and resiliency: Understand what the service-level agreement (SLA) says and what it promises you. Be sure you know how a provider will make good if it doesn’t meet its SLA requirements.

Data providence: Where is the data going to live? Who owns the data? How will it be protected?

SLAs and Terms & Conditions: “They certainly vary widely,” Childers says. “Make sure as a company that your data is your data … and that you’ve got a way to extract it at some point.”

Step 3: Scrutinize security

“As an IT professional functioning in the cloud environment, you need to constantly be studying what you can and cannot share in the cloud,” says Mark Broderick, IT applications director at Eliassen Group. “Evaluating the security risks associated with any cloud migration is wholly dependent on the needs of the data,” Broderick adds. “What is it that your company does? What are the laws governing that data you collect and disperse as a corporate entity? Is it health IT data of thousands of patients? Or are you attempting to protect the insurance and financial records of your consumers?”

Indeed, if your company operates under industry regulations such as HIPAA, that’s going to determine a good deal of your evaluation process: potential cloud vendors must offer the necessary security and compliance protocols, or they can’t be your vendors.

But even in relatively unregulated businesses, “the same thing applies,” Childers notes. “You still need to understand, [with] each vendor that you’re considering, exactly what their position is around achieving multi-tenancy [and] contractual guarantees around the privacy and protection of the data that you’re putting into the system.”

Step 4: Plan for the long-term

Successful cloud leaders need to achieve a smart balance on the modern IT spectrum from providing business value to procurement and vendor management. That requires continuously checking assumptions and expectations against evolving business and technical needs. This should include a regular—say, quarterly—check-in to ensure both sides remain in sync.

“Let’s say CRM solution ‘A’ made a lot of sense this year. Five years from now, first, the market’s going to have changed. Second, the solution you’ve been using is going to have evolved over time,” Childers says. “If you’re not continually reassessing the decisions that you’ve made and then reconfirming that your expectations are being fulfilled—and reconfirming that the business users [remain satisfied], then you’re getting yourself into a bad position.”

For many people, cloud computing suggests a set-it-and-forget-it mentality. That’s not how it works. Properly capitalizing on cloud computing requires constant monitoring and assessment, and that’s the long-term opportunity for emerging cloud leaders in the organization.

It’s understandable that some ops folks may adopt a protectionist mindset to the significant changes created by cloud migration. The need for new skill sets can certainly be challenging. But a circle-the-wagons approach is unlikely to lead to success in an increasingly cloud-centric world. Instead, IT pros should focus on the new leadership opportunities created in the cloud.